763 Commits

Author SHA1 Message Date
Owen Mansel-Chan
d0c9aacd54 Distinguish variadic and non-variadic signature types in extractor 2021-12-01 09:33:44 -05:00
Owen Mansel-Chan
628835d3b3 Add failing tests for isVariadic
`nonvariadicDeclaredFunction` has the same signature as
`variadicDeclaredFunction`, so it is being erroneously reported as
variadic.
2021-12-01 09:32:12 -05:00
Owen Mansel-Chan
acc5c4098a Fix Function.isVariadic to work on external packages
Going via `getFuncDecl()` didn't work as we don't function declarations
from external packages. It works to use `getType()` instead.
2021-11-30 15:11:34 -05:00
Owen Mansel-Chan
a6d8deae3e Add Fmt.Fprint to isVariadic tests
We didn't have any tests involving a function in an imported package.
2021-11-30 15:07:57 -05:00
Owen Mansel-Chan
f9a3832aa2 Add extractor test that empty interface type exists 2021-11-26 15:16:09 -05:00
Tony Torralba
662f880ab8 Merge pull request #609 from github/atorralba/log-injection-query
Go: Add Log Injection query (CWE-117)
2021-11-24 15:41:43 +01:00
tunnelshade
aeaa861fc6 Add Where method of squirrel sql builders to query range 2021-11-23 10:11:31 +05:30
Tony Torralba
f2017b626e Fix stubs 2021-11-22 09:15:12 +01:00
Tony Torralba
c9332cdccb Fix *Depth log levels in glog and klog 2021-11-22 09:15:01 +01:00
Tony Torralba
c886d10388 Add Log Injection query 2021-11-19 17:55:34 +01:00
Chris Smowton
792bc4bce0 Merge pull request #596 from pupiles/feature/cwe-090
CWE-090: Ldap Injection
2021-11-10 11:31:36 +00:00
Chris Smowton
f3ba40e29d Update test expectations 2021-11-10 09:42:19 +00:00
Chris Smowton
1ebb47feb3 Fix filename spelling error 2021-11-10 09:29:50 +00:00
pupiles
4d9ce49816 use stubs libs && add heuristic sanitizers 2021-11-10 14:12:45 +08:00
pupiles
97d4359881 add test code 2021-11-09 21:31:35 +08:00
Valeria
9f52a6654e Merge branch 'main' into feature/SSRF 2021-11-04 09:56:10 -03:00
Chris Smowton
6d90b81655 Merge pull request #597 from owen-mc/var-args
Update dbscheme to add table for variadic signature types
2021-11-03 11:29:45 +00:00
Owen Mansel-Chan
7c1b7b8810 Fix strictnessOffset in isBoundFor 2021-11-02 15:09:39 +00:00
Owen Mansel-Chan
7de6e17d86 Recognise math.MaxInt and math.MaxUint
Treat them as if we were on a 32-bit architecture.
2021-11-02 15:09:06 +00:00
Owen Mansel-Chan
2cc0c80188 Add extra tests 2021-11-02 15:09:05 +00:00
Owen Mansel-Chan
be22373f3e Move Incorrect Integer Conversion tests to InlineFlowTest 2021-11-02 15:09:00 +00:00
Owen Mansel-Chan
109e3660f8 Split Incorrect Integer Conversion into query and lib files
This is in preparation for changing the tests to use inline
expectations
2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
7d333d7dbe Add InlineFlowTest as simple inline expectation test 2021-11-02 12:43:54 +00:00
Owen Mansel-Chan
644c89b751 Update expected values for tests in the same folders 2021-11-01 21:38:41 +00:00
Owen Mansel-Chan
f2757135f2 Add tests for isVariadic() on FuncDef and Function 2021-11-01 16:00:50 +00:00
Kevin Gleason
49f4e3742f Fixed broken/moved/redirected links. 2021-10-29 17:17:17 -04:00
Chris Smowton
004beab750 Add a good variant of test case foo10 2021-10-29 11:07:30 +01:00
valeria-meli
434571067f Merge branch 'main' into feature/SSRF 2021-10-28 09:06:58 -03:00
valeria-meli
9615544092 Merge commit 'e784c356916468d4f40b8f47899970c4e75dada9' into main 2021-10-28 09:06:17 -03:00
Owen Mansel-Chan
e0e1a4671a Address review comments 2021-10-28 10:10:39 +01:00
Owen Mansel-Chan
cdee44bbd1 Add barrier guard for comparison 2021-10-28 10:10:38 +01:00
Owen Mansel-Chan
f4d9f2f2fa Remove unused test comments
These were introduced in 68dca955. Currently they aren't doing anything
as there isn't an inline expectation test for the tag "source" in this
folder. It seems they were originally intended to indicate untrusted flow
sources, but they aren't needed as we are using "noflow" to only mark the
places where there isn't a flow.
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
e01291f880 Put space after MISSING: and SPURIOUS:
This is the preferred style now
2021-10-21 11:07:59 +01:00
Owen Mansel-Chan
f38fd5722f Only one dollar sign in each comment 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
09ef621b2f Put space after first dollar sign 2021-10-21 11:07:58 +01:00
Owen Mansel-Chan
b8bd40463e Reorder MISSING labels
The behaviour has changed: previously, "f+:" and "f-:" only affected the
following entry, but "MISSING:" and "SPURIOUS:" affect all following
2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
f28539928a Quote expected values that have spaces 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
5f0f04de1c Update labels for missing and spurious results 2021-10-21 11:07:57 +01:00
Owen Mansel-Chan
7961ba6b93 Add hasActualResult predicate not using Location 2021-10-21 11:07:50 +01:00
Owen Mansel-Chan
a9165ce4a6 Sync InlineExpectationsTest.qll 2021-10-21 05:21:18 +01:00
Chris Smowton
32d71e8247 Merge pull request #585 from github/jbj/getAPrimaryQlClass-file
Fix getAPrimaryQlClass for File classes
2021-10-19 11:17:07 +01:00
Jonas Jensen
61a0c44ef6 Accept test changes: File -> GoFile 2021-10-15 08:04:58 +02:00
Erik Krogh Kristensen
d27f42d287 add explicit this qualifiers 2021-10-14 12:45:14 +02:00
Dave Bartolomeo
eed0eab02c Merge remote-tracking branch 'upstream/main' into dbartol/refactor 2021-10-07 10:49:45 -04:00
Nati Pesaresi
636000ce01 fix qlref 2021-09-24 17:50:26 -03:00
Nati Pesaresi
ba552251e9 rm region tags 2021-09-24 17:08:52 -03:00
Natalia Pesaresi
63bb7ef56c Merge branch 'main' into feature/SSRF 2021-09-17 17:46:32 -03:00
Nati Pesaresi
2a20fe4b0e beautify names 2021-09-17 17:40:56 -03:00
Sauyon Lee
ec6ac9db7c Remove useless nodes predicate 2021-08-25 17:16:46 -07:00
Sauyon Lee
630e46e1fd Exclude files with build constraints from the cfg test 2021-08-25 17:16:46 -07:00